The Security Analyst (SA) is responsible for supporting the Global Head of Information Security on advising on the development, implementation and management of a corporate security framework. They will support the identification, development, implementation and maintenance of security processes across the organisation to reduce risks, respond to security incidents, and limit exposure to liability in all areas of information system and data security, both physical and logical. They will maintain appropriate standards and risk controls and direct the establishment and maintenance of associated policies and procedures.
The position sits within the Information Security Team, which currently has 4 members of staff. The team’s focus is the protection of the Organisations’ information, as well as all client information processed in its outsourced data centres infrastructure. Main activities will include:
Governance & external audits:
• Verification that systems are developed, operated and maintained in line with the data security policies.
• Compliance management, including managing client audit and audit responses in line with client expectations
• Assistance with the development, enforcement, and maintenance of policies, procedures, measures, and mechanisms to protect the confidentiality, integrity and availability of information and to prevent, detect, contain, and correct information security breaches
• Assurance & verification that all suppliers are operating in accordance to the agreed contractual terms
• Information Security for Products, Infrastructure & Projects:
• Provision of guidance and structured approach for meeting clients security requirements
• Design direction with regard to information security for the product suite
• Participation in the evaluation, selection and implementation of security products and technologies.
• Review and evaluation of the security impact of changes to the infrastructure and network, including interfaces with other networks
Internal Audit & Assurance:
• Monitoring and certification of users and security profiles on a periodic basis to provide assurance that all personnel have the appropriate security clearance, authorisation and need-to-know prior to granting access to systems & information
• Assessment of information technology control elements on a periodic basis to mitigate IS/IT risks regarding the confidentiality, integrity, and availability of clients information
• Analysis of system logs / security reports for initiating preventive measures
• Response to operational security issues and security incidents
IT knowledge and business understanding combined with confidence and excellent communication skills. Able to engage at all levels. A broad knowledge of information security technologies and design principles both at the network and application level. An understanding of the long-term direction for information security and best practices would be useful.
• Strong interpersonal negotiating and communication skills
• Presentation skills; clear written and verbal communication skills
• Initiative, decisiveness and self motivation
• Ability to prioritise simultaneous activities
• Highly organised with excellent attention to detail.
• Ability to build and maintain strong relationships with a wide range of internal and external stakeholder groups
Technical experience and knowledge:
• Intrusion Prevention & Detection Systems
• Internet, Extranet and Intranet technologies and architectures.
• Firewalls, Proxies, Load Balancers (including TCP/IP & network security)
• Malicious Code Management (Anti Virus, Anti Malware, Anti Spyware)
• Secure Application Development
• Encryption technologies
• Remote Access Systems and methodologies.
• Audit processes and automation
• Data Leakage Prevention technologies
• Operating Systems (Windows, Linux, Solaris and associated security architectures)
• Applications Servers - Java EE (JBOSS / WebLogic) and Microsoft .Net Framework.
• Web Application Firewalls
• Familiarity with cloud and BYOD security challenges
• Standards and regulations, including DPA & ISO27001
• Project management experience
• Industry security certifications (CISSP, CISM, CISA, ...)
Technical experience and knowledge:
• Designing secure architectures and solutions.
• Security Incident Management
• Database architecture and management (SQL, Oracle)